When studying for a doctoral degree (PhD), candidates submit a thesis that provides a critical review of the current state of knowledge of the thesis subject as well as the student’s own contributions to the subject. The distinguishing criterion of doctoral graduate research is a significant and original contribution to knowledge.
Once accepted, the candidate presents the thesis orally. This oral exam is open to the public.
The growing popularity of Android applications (apps) has generated increased concerns over the danger of piracy and the spread of malware. A popular way to distribute malware in the mobile world is through the repackaging of legitimate apps. This process consists of manipulating an app by adding malware and other undesirable features and publishing it again in an app store. In this thesis, we conducted an empirical study of over 15,000 apps to gain insights into the factors that drive the spread of repackaged apps. We examined the motivations of developers who publish repackaged apps and those of users who download them, as well as the factors that determine which apps are selected for repackaging, and the ways in which apps are modified during the repackaging process. We have also studied the structure of Android applications to uncover the locations where malicious code is embedded into legitimate applications. Our findings show that service components contain key characteristics that entice attackers to misuse them. Therefore, we studied the behavior of malicious and benign services in more depth. We found that while benign services tend to inform the user of the background operations, malicious services take longer to run system operations and have a loose connection with the rest of the code. These findings led us to propose an approach to detect malware by studying the behavior of Android app services, which we modeled using API calls. We proposed various approaches using static and dynamic analysis techniques as well as machine learning to detect repackaged apps using API calls that we extracted by analyzing the apps’ services. We conducted experiments on large datasets to support our findings.